September 26, 2009

Off and on I've been working on a USB ran application similar in idea to the USB Switchblades found over at Hak5. My main problem is that I never had a set goal of what exactly it was that I wanted the application to do. This caused me to scrap the project multiple times and begin anew. Each of these new attempts also failed due to a lack of an overall goal.

Today, after thinking it over significantly, I came up with four levels of attack that an attacker would likely use on a local system. These four levels are:

1. Privilege Escalation
Before an attacker can do much of anything (install applications, copy certain files, etc), they must first obtain a higher level of access to the system.

2. Obtain Local Information
This is the most common attack done from a USB drive. The idea is to gather system data and copy it over to a folder on the USB drive. The data that is gathered typically includes browser history, passwords, system info, wifi keys, LSA secrets, and so on. With this data, an attacker is able to compromise more than just the local system.

3. Compromise & Control the Local System
With this attack level, an attacker installs a backdoor into the system, installs the ever so popular USB Hacksaw, turns the system into a zombie node on an elaborate botnet, or whatever their black hearts desire to do. Essentially, the attacker now has some level of control over the system even after they leave.

4. Prepare for Network Ownage
In this level, an attacker gathers data that can help them to compromise other computers on the network. This is done by scanning the network for nodes, port scanning these nodes, capturing packets, etc. With this information the attacker will have an idea of how the network is set up, which they may use later in compromising other systems.

With this four attack levels in mind, I think that I will continue work on this USB tool by implementing all four levels into it. Maybe with at least this basic idea, I won't scrap the project again.
Categories: ,

1 comment:

Subscribe to RSS Feed Follow me on Twitter!